From de401e0e892cb3dede00d3f8dc574cae1afc2473 Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Thu, 26 Nov 2020 10:53:45 +0100 Subject: [PATCH] github: Migrate from Travis CI to Github Actions On travis-ci.com (travis-ci.org will be discontinued by the end of the year) we are now charged for each minute. We only got 10000 credits in a trial plan, which we used up with a few builds. Minutes also cost a different amount of credits on different platforms: 10 on Linux, but 50 on macOS (installing the dependencies on macOS alone took 12-15 minutes on Travis for some reason, takes about half on Github's runners). No native Windows build yet as we have the same issue as on AppVeyor where threading/streaming tests might get stuck. And there is also only a single Windows platform to test on. Plus building/testing on Windows is very slow (and getting ccache to work seems tricky). The 'sw_collector' test case had to be disabled because we can't access /usr/local/share on the Github build hosts (the process is just blocked in readdir() and eventually times out). Unfortunately, we can't test on different architectures anymore (in particular ARM and the big-endian IBM Z/x390x). --- .cirrus.yml | 2 +- .github/actions/default/action.yml | 16 ++++ .github/workflows/android.yml | 43 +++++++++ .github/workflows/lgtm.yml | 24 +++++ .github/workflows/linux.yml | 148 +++++++++++++++++++++++++++++ .github/workflows/macos.yml | 37 ++++++++ .github/workflows/sonarcloud.yml | 53 +++++++++++ .github/workflows/windows.yml | 44 +++++++++ .travis.yml | 145 ---------------------------- scripts/test.sh | 71 ++++++-------- 10 files changed, 396 insertions(+), 187 deletions(-) create mode 100644 .github/actions/default/action.yml create mode 100644 .github/workflows/android.yml create mode 100644 .github/workflows/lgtm.yml create mode 100644 .github/workflows/linux.yml create mode 100644 .github/workflows/macos.yml create mode 100644 .github/workflows/sonarcloud.yml create mode 100644 .github/workflows/windows.yml delete mode 100644 .travis.yml diff --git a/.cirrus.yml b/.cirrus.yml index 674d06540..c4c5228b4 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -6,7 +6,7 @@ env: LEAK_DETECTIVE: no MONOLITHIC: no TEST: freebsd - TRAVIS_OS_NAME: freebsd + OS_NAME: freebsd task: install_script: ./scripts/test.sh deps diff --git a/.github/actions/default/action.yml b/.github/actions/default/action.yml new file mode 100644 index 000000000..d8d6bad61 --- /dev/null +++ b/.github/actions/default/action.yml @@ -0,0 +1,16 @@ +name: "Default CI Build Steps" +runs: + using: "composite" + steps: + - name: "Install Dependencies" + run: ./scripts/test.sh deps + shell: bash + - name: "Install Python Dependencies" + run: ./scripts/test.sh deps + shell: bash + - name: "Build Dependencies" + run: ./scripts/test.sh build-deps + shell: bash + - name: "Build/Tests" + run: ./scripts/test.sh + shell: bash diff --git a/.github/workflows/android.yml b/.github/workflows/android.yml new file mode 100644 index 000000000..567c50772 --- /dev/null +++ b/.github/workflows/android.yml @@ -0,0 +1,43 @@ +name: Android + +on: [push, pull_request] + +env: + CCACHE_BASEDIR: ${{ github.workspace }} + CCACHE_COMPRESS: true + CCACHE_MAXSIZE: 400M + CC: gcc + OS_NAME: linux + +jobs: + android: + runs-on: ubuntu-latest + env: + TEST: android + # since the NDK is newly installed every time, we have to use this to avoid cache misses + CCACHE_COMPILERCHECK: content + steps: + # even though we don't specify a specific version in our gradle files, the + # build fails without this because some arbitrary NDK version, that's + # weirdly not installed, is requested + - name: Install NDK + run: yes | sudo ${ANDROID_HOME}/tools/bin/sdkmanager --install 'ndk;21.0.6113669' + - uses: actions/checkout@v2 + - uses: actions/cache@v2 + with: + path: ~/.ccache + key: ccache-android-${{ github.ref }}:${{ github.sha }} + restore-keys: | + ccache-android-${{ github.ref }}: + ccache-android- + - run: | + sudo apt-get install -qq ccache + echo "PATH=/usr/lib/ccache:$PATH" >> $GITHUB_ENV + ccache -z + - uses: ./.github/actions/default + - run: ccache -s + - if: ${{ success() }} + uses: actions/upload-artifact@v2 + with: + name: Lint Results + path: src/frontends/android/app/build/reports/lint-results.xml diff --git a/.github/workflows/lgtm.yml b/.github/workflows/lgtm.yml new file mode 100644 index 000000000..8d6fd54a0 --- /dev/null +++ b/.github/workflows/lgtm.yml @@ -0,0 +1,24 @@ +name: lgtm.com + +on: [push] + +env: + OS_NAME: linux + +jobs: + lgtm: + runs-on: ubuntu-latest + env: + TEST: lgtm + steps: + - uses: actions/checkout@v2 + with: + fetch-depth: 0 + # we don't use github/codeql-action because we can't exclude queries there, + # so we continue to use the approach we used on Travis + - env: + LGTM_TOKEN: ${{ secrets.LGTM_TOKEN }} + BUILD_NUMBER: ${{ github.run_id }} + COMMIT_ID: ${{ github.sha }} + COMMIT_BASE: ${{ github.event.before }} + uses: ./.github/actions/default diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml new file mode 100644 index 000000000..fc51cd35c --- /dev/null +++ b/.github/workflows/linux.yml @@ -0,0 +1,148 @@ +name: Linux + +on: [push, pull_request] + +env: + # this test case does not actually test anything but tries to access system + # directories that might be inaccessible on build hosts + TESTS_CASES_EXCLUDE: sw_collector + TESTS_REDUCED_KEYLENGTHS: yes + CCACHE_BASEDIR: ${{ github.workspace }} + CCACHE_COMPRESS: true + CCACHE_MAXSIZE: 200M + OS_NAME: linux + +jobs: + latest: + runs-on: ubuntu-latest + strategy: + matrix: + test: [ all, default, printf-builtin ] + compiler: [ gcc, clang ] + leak-detective: [ no, yes ] + monolithic: [ no, yes ] + exclude: + # leaks will show up whether we build monolithic or not + - leak-detective: yes + monolithic: yes + # monolithic builds don't affect the printf-hook implementation + - test: printf-builtin + monolithic: yes + include: + - test: apidoc + - test: coverage + - test: dist + - test: nm + - test: nm-no-glib + - test: fuzzing + compiler: clang + monolithic: yes + env: + LEAK_DETECTIVE: ${{ matrix.leak-detective || 'no' }} + MONOLITHIC: ${{ matrix.monolithic || 'no' }} + CC: ${{ matrix.compiler || 'gcc' }} + TEST: ${{ matrix.test }} + steps: + - uses: actions/checkout@v2 + - uses: actions/cache@v2 + with: + path: ~/.ccache + # with regards to ccache, monolithic builds don't differ from regular + # builds and, similarly, builds with leak-detective only differ in two + # files (LD itself and library.c); but different tests build different + # dependencies, so different caches are needed + key: ccache-${{ runner.os }}-${{ env.CC }}-${{ matrix.test }}-${{ github.ref }}:${{ github.sha }} + restore-keys: | + ccache-${{ runner.os }}-${{ env.CC }}-${{ matrix.test }}-${{ github.ref }}: + ccache-${{ runner.os }}-${{ env.CC }}-${{ matrix.test }}- + ccache-${{ runner.os }}-${{ env.CC }}- + - run: | + sudo apt-get install -qq ccache + echo "PATH=/usr/lib/ccache:$PATH" >> $GITHUB_ENV + ccache -z + - uses: ./.github/actions/default + - run: ccache -s + - if: ${{ success() && matrix.test == 'coverage' }} + run: bash <(curl -s https://codecov.io/bash) + - if: ${{ failure() }} + uses: actions/upload-artifact@v2 + with: + name: Logs ${{ github.job }} + path: config.log + retention-days: 5 + + crypto-plugins: + runs-on: ubuntu-latest + strategy: + matrix: + test: [ botan, wolfssl, openssl, gcrypt ] + leak-detective: [ no, yes ] + env: + LEAK_DETECTIVE: ${{ matrix.leak-detective || 'no' }} + TEST: ${{ matrix.test }} + steps: + - uses: actions/checkout@v2 + - uses: actions/cache@v2 + with: + path: ~/.ccache + key: ccache-${{ runner.os }}-${{ env.CC }}-${{ matrix.test }}-${{ github.ref }}:${{ github.sha }} + restore-keys: | + ccache-${{ runner.os }}-${{ env.CC }}-${{ matrix.test }}-${{ github.ref }}: + ccache-${{ runner.os }}-${{ env.CC }}-${{ matrix.test }}- + ccache-${{ runner.os }}-${{ env.CC }}- + ccache-${{ runner.os }}-${{ env.CC }}-all-${{ github.ref }}:${{ github.sha }} + ccache-${{ runner.os }}-${{ env.CC }}-all-${{ github.ref }}: + ccache-${{ runner.os }}-${{ env.CC }}-all- + ccache-${{ runner.os }}-${{ env.CC }}- + - run: | + sudo apt-get install -qq ccache + echo "PATH=/usr/lib/ccache:$PATH" >> $GITHUB_ENV + ccache -z + - uses: ./.github/actions/default + - run: ccache -s + - if: ${{ failure() }} + uses: actions/upload-artifact@v2 + with: + name: Logs ${{ github.job }} + path: config.log + retention-days: 5 + + xenial: + runs-on: ubuntu-16.04 + strategy: + matrix: + test: [ all ] + compiler: [ gcc, clang ] + include: + - test: openssl-1.0 + - test: openssl-1.0 + leak-detective: yes + env: + LEAK_DETECTIVE: ${{ matrix.leak-detective || 'no' }} + CC: ${{ matrix.compiler || 'gcc' }} + TEST: ${{ matrix.test }} + UBUNTU_XENIAL: yes + # this is the default with newer versions and fixes builds with clang + CCACHE_CPP2: true + steps: + - uses: actions/checkout@v2 + - uses: actions/cache@v2 + with: + path: ~/.ccache + key: ccache-xenial-${{ env.CC }}-${{ matrix.test }}-${{ github.ref }}:${{ github.sha }} + restore-keys: | + ccache-xenial-${{ env.CC }}-${{ matrix.test }}-${{ github.ref }}: + ccache-xenial-${{ env.CC }}-${{ matrix.test }}- + ccache-xenial-${{ env.CC }}- + - run: | + sudo apt-get install -qq ccache + echo "PATH=/usr/lib/ccache:$PATH" >> $GITHUB_ENV + ccache -z + - uses: ./.github/actions/default + - run: ccache -s + - if: ${{ failure() }} + uses: actions/upload-artifact@v2 + with: + name: Logs ${{ github.job }} + path: config.log + retention-days: 5 diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml new file mode 100644 index 000000000..1528f3f9e --- /dev/null +++ b/.github/workflows/macos.yml @@ -0,0 +1,37 @@ +name: macOS + +on: [push, pull_request] + +env: + TESTS_REDUCED_KEYLENGTHS: yes + CCACHE_BASEDIR: ${{ github.workspace }} + CCACHE_COMPRESS: true + CCACHE_MAXSIZE: 100M + OS_NAME: macos + +jobs: + macos: + runs-on: macos-latest + env: + TEST: macos + steps: + - uses: actions/checkout@v2 + - uses: actions/cache@v2 + with: + path: ~/Library/Caches/ccache + key: ccache-${{ runner.os }}-${{ github.ref }}:${{ github.sha }} + restore-keys: | + ccache-${{ runner.os }}-${{ github.ref }}: + ccache-${{ runner.os }}- + - run: | + brew install ccache + echo "PATH=$(brew --prefix)/opt/ccache/libexec:$PATH" >> $GITHUB_ENV + ccache -z + - uses: ./.github/actions/default + - run: ccache -s + - if: ${{ failure() }} + uses: actions/upload-artifact@v2 + with: + name: Logs ${{ github.job }} + path: config.log + retention-days: 5 diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml new file mode 100644 index 000000000..aa6a411e2 --- /dev/null +++ b/.github/workflows/sonarcloud.yml @@ -0,0 +1,53 @@ +name: SonarCloud + +on: [push] + +env: + CCACHE_BASEDIR: ${{ github.workspace }} + CCACHE_COMPRESS: true + CCACHE_MAXSIZE: 200M + OS_NAME: linux + +jobs: + sonarcloud: + runs-on: ubuntu-latest + env: + TEST: sonarcloud + steps: + - uses: actions/checkout@v2 + with: + fetch-depth: 0 + - uses: actions/cache@v2 + with: + path: | + ~/.ccache + ~/.sonar-cache + key: ccache-sonarcloud-${{ github.ref }}:${{ github.sha }} + restore-keys: | + ccache-sonarcloud-${{ github.ref }}: + ccache-sonarcloud- + - run: | + sudo apt-get install -qq ccache + echo "PATH=/usr/lib/ccache:$PATH" >> $GITHUB_ENV + ccache -z + # using SonarSource/sonarcloud-github-action is currently not recommended + # for C builds, so we follow the "any CI" instructions + - name: Install sonar-scanner + env: + SONAR_SCANNER_VERSION: 4.4.0.2170 + run: | + export SONAR_SCANNER_HOME=$HOME/.sonar/sonar-scanner-$SONAR_SCANNER_VERSION-linux + curl --create-dirs -sSLo $HOME/.sonar/sonar-scanner.zip https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-$SONAR_SCANNER_VERSION-linux.zip + unzip -o $HOME/.sonar/sonar-scanner.zip -d $HOME/.sonar/ + echo "SONAR_SCANNER_OPTS=-server" >> $GITHUB_ENV + curl --create-dirs -sSLo $HOME/.sonar/build-wrapper-linux-x86.zip https://sonarcloud.io/static/cpp/build-wrapper-linux-x86.zip + unzip -o $HOME/.sonar/build-wrapper-linux-x86.zip -d $HOME/.sonar/ + echo "PATH=$HOME/.sonar/build-wrapper-linux-x86:$SONAR_SCANNER_HOME/bin:$PATH" >> $GITHUB_ENV + - env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + BUILD_NUMBER: ${{ github.run_id }} + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + SONAR_PROJECT: ${{ secrets.SONAR_PROJECT }} + SONAR_ORGANIZATION: ${{ secrets.SONAR_ORGANIZATION }} + uses: ./.github/actions/default + - run: ccache -s diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml new file mode 100644 index 000000000..073bd274a --- /dev/null +++ b/.github/workflows/windows.yml @@ -0,0 +1,44 @@ +name: Windows + +on: [push, pull_request] + +env: + TESTS_REDUCED_KEYLENGTHS: yes + CCACHE_BASEDIR: ${{ github.workspace }} + CCACHE_COMPRESS: true + CCACHE_MAXSIZE: 200M + # since the compilers are newly installed every time, we have to use this to + # avoid cache misses + CCACHE_COMPILERCHECK: content + MONOLITHIC: yes + +jobs: + cross-compile: + runs-on: ubuntu-latest + strategy: + matrix: + test: [ win64, win32 ] + env: + OS_NAME: linux + TEST: ${{ matrix.test }} + steps: + - uses: actions/checkout@v2 + - uses: actions/cache@v2 + with: + path: ~/.ccache + key: ccache-${{ runner.os }}-${{ matrix.test }}-${{ github.ref }}:${{ github.sha }} + restore-keys: | + ccache-${{ runner.os }}-${{ matrix.test }}-${{ github.ref }}: + ccache-${{ runner.os }}-${{ matrix.test }}- + - run: | + sudo apt-get install -qq ccache + echo "PATH=/usr/lib/ccache:$PATH" >> $GITHUB_ENV + ccache -z + - uses: ./.github/actions/default + - run: ccache -s + - if: ${{ failure() }} + uses: actions/upload-artifact@v2 + with: + name: Logs ${{ github.job }} + path: config.log + retention-days: 5 diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index 41a163738..000000000 --- a/.travis.yml +++ /dev/null @@ -1,145 +0,0 @@ -language: c - -os: linux -dist: bionic - -# don't build tags separately -if: tag IS blank - -compiler: gcc - -cache: ccache - -before_install: - - travis_retry ./scripts/test.sh deps - - travis_retry ./scripts/test.sh pydeps - - travis_retry ./scripts/test.sh build-deps - -before_script: - - sudo sysctl -w net.ipv6.conf.all.disable_ipv6=0 || true - -script: - - ./scripts/test.sh - -after_success: - if [ "$TEST" == "coverage" ]; then - bash <(curl -s https://codecov.io/bash); - fi - -after_failure: - - cat config.log - - sleep 1 - -env: - global: - - TESTS_REDUCED_KEYLENGTHS=yes - - LEAK_DETECTIVE=no - - MONOLITHIC=no - -jobs: - include: - - env: TEST=sonarcloud - if: | - type = push AND env(SONAR_TOKEN) IS present AND \ - env(SONAR_PROJECT) IS present AND \ - env(SONAR_ORGANIZATION) IS present - git: - depth: false - cache: - directories: - - $HOME/.sonar-cache - addons: - sonarcloud: true - - env: TEST=lgtm - if: type = push AND env(LGTM_TOKEN) IS present - git: - depth: false - - env: TEST=osx - compiler: clang - os: osx - - env: TEST=android - install: - # see https://developer.android.com/studio#command-tools - - export ANDROID_TOOLS=commandlinetools-linux-6200805_latest.zip - - export ANDROID_HOME=$HOME/android-sdk - - wget -nv https://dl.google.com/android/repository/$ANDROID_TOOLS - - unzip -q $ANDROID_TOOLS -d $ANDROID_HOME && rm $ANDROID_TOOLS - - export PATH=$PATH:$ANDROID_HOME/tools/bin - # sdkmanager only works with Java 8 - - export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64 - - yes | sdkmanager --sdk_root=$ANDROID_HOME --licenses >/dev/null - - yes | sdkmanager --sdk_root=$ANDROID_HOME --install 'ndk;20.0.5594570' - - mkdir -p $HOME/.gradle - - echo "org.gradle.daemon=false" >> $HOME/.gradle/gradle.properties - - echo "org.gradle.console=plain" >> $HOME/.gradle/gradle.properties - # since the NDK is newly installed everytime, we have to use this to avoid cache misses - - export CCACHE_COMPILERCHECK=content - after_success: - - cat src/frontends/android/app/build/reports/lint-results.xml - before_cache: - - rm -f $HOME/.gradle/caches/modules-2/modules-2.lock - - rm -fr $HOME/.gradle/caches/*/plugin-resolution/ - cache: - ccache: true - directories: - - $HOME/.gradle/caches/ - - $HOME/.gradle/wrapper/ - - $HOME/.android/build-cache - - env: TEST=all - - env: TEST=all - compiler: clang - - env: TEST=all - arch: arm64 - - env: TEST=all - arch: ppc64le - - env: TEST=all - arch: s390x - - env: TEST=all UBUNTU_XENIAL=yes - dist: xenial - - env: TEST=all UBUNTU_XENIAL=yes - dist: xenial - compiler: clang - - env: TEST=all MONOLITHIC=yes - - env: TEST=all MONOLITHIC=yes - compiler: clang - - env: TEST=all LEAK_DETECTIVE=yes - - env: TEST=all LEAK_DETECTIVE=yes - compiler: clang - - env: TEST=coverage - - env: TEST=fuzzing MONOLITHIC=yes - compiler: clang - - env: TEST=win64 MONOLITHIC=yes - - env: TEST=win32 MONOLITHIC=yes - - env: TEST=dist - # "default" with GCC is already tested with "dist" above - - env: TEST=default - compiler: clang - - env: TEST=default MONOLITHIC=yes - - env: TEST=default MONOLITHIC=yes - compiler: clang - - env: TEST=default LEAK_DETECTIVE=yes - - env: TEST=default LEAK_DETECTIVE=yes - compiler: clang - # we can't test Vstr as negative int args are not properly passed to CBs - - env: TEST=printf-builtin - - env: TEST=printf-builtin - compiler: clang - - env: TEST=printf-builtin LEAK_DETECTIVE=yes - - env: TEST=printf-builtin LEAK_DETECTIVE=yes - compiler: clang - - env: TEST=nm - - env: TEST=nm-no-glib - # the crypto plugins are build-tested with clang via "all" above - - env: TEST=botan - - env: TEST=botan LEAK_DETECTIVE=yes - - env: TEST=wolfssl - - env: TEST=wolfssl LEAK_DETECTIVE=yes - - env: TEST=openssl - - env: TEST=openssl LEAK_DETECTIVE=yes - - env: TEST=openssl-1.0 UBUNTU_XENIAL=yes - dist: xenial - - env: TEST=openssl-1.0 LEAK_DETECTIVE=yes UBUNTU_XENIAL=yes - dist: xenial - - env: TEST=gcrypt - - env: TEST=gcrypt LEAK_DETECTIVE=yes - - env: TEST=apidoc diff --git a/scripts/test.sh b/scripts/test.sh index 6a63f4695..82854013b 100755 --- a/scripts/test.sh +++ b/scripts/test.sh @@ -1,5 +1,5 @@ #!/bin/sh -# Build script for Travis CI +# Build script for CI build_botan() { @@ -88,8 +88,8 @@ build_tss2() cd - } -: ${TRAVIS_BUILD_DIR=$PWD} -: ${DEPS_BUILD_DIR=$TRAVIS_BUILD_DIR/..} +: ${BUILD_DIR=$PWD} +: ${DEPS_BUILD_DIR=$BUILD_DIR/..} : ${DEPS_PREFIX=/usr/local} TARGET=check @@ -140,26 +140,25 @@ all|coverage|sonarcloud) --disable-osx-attr --disable-tkm --disable-uci --disable-unwind-backtraces --disable-svc --disable-dbghelp-backtraces --disable-socket-win - --disable-kernel-wfp --disable-kernel-iph --disable-winhttp" + --disable-kernel-wfp --disable-kernel-iph --disable-winhttp + --disable-python-eggs-install" # not enabled on the build server CONFIG="$CONFIG --disable-af-alg" - if test "$TRAVIS_CPU_ARCH" != "amd64"; then - CONFIG="$CONFIG --disable-aesni --disable-rdrand" - fi if test "$TEST" != "coverage"; then CONFIG="$CONFIG --disable-coverage" else # not actually required but configure checks for it DEPS="$DEPS lcov" fi - # Botan requires GCC 5.0, so disable it on Ubuntu 16.04 + # Botan requires newer compilers, so disable it on Ubuntu 16.04 if test -n "$UBUNTU_XENIAL"; then CONFIG="$CONFIG --disable-botan" fi DEPS="$DEPS libcurl4-gnutls-dev libsoup2.4-dev libunbound-dev libldns-dev libmysqlclient-dev libsqlite3-dev clearsilver-dev libfcgi-dev - libpcsclite-dev libpam0g-dev binutils-dev libnm-dev libgcrypt20-dev - libjson-c-dev iptables-dev python-pip libtspi-dev libsystemd-dev" + libldap2-dev libpcsclite-dev libpam0g-dev binutils-dev libnm-dev + libgcrypt20-dev libjson-c-dev iptables-dev python-pip libtspi-dev + libsystemd-dev" PYDEPS="tox" if test "$1" = "build-deps"; then if test -z "$UBUNTU_XENIAL"; then @@ -183,7 +182,6 @@ win*) # no make check for Windows binaries unless we run on a windows host if test "$APPVEYOR" != "True"; then TARGET= - CCACHE=ccache else CONFIG="$CONFIG --enable-openssl" CFLAGS="$CFLAGS -I/c/OpenSSL-$TEST/include" @@ -196,24 +194,23 @@ win*) win64) CONFIG="--host=x86_64-w64-mingw32 $CONFIG --enable-dbghelp-backtraces" DEPS="gcc-mingw-w64-x86-64 binutils-mingw-w64-x86-64 mingw-w64-x86-64-dev $DEPS" - CC="$CCACHE x86_64-w64-mingw32-gcc" + CC="x86_64-w64-mingw32-gcc" ;; win32) CONFIG="--host=i686-w64-mingw32 $CONFIG" DEPS="gcc-mingw-w64-i686 binutils-mingw-w64-i686 mingw-w64-i686-dev $DEPS" - CC="$CCACHE i686-w64-mingw32-gcc" + CC="i686-w64-mingw32-gcc" ;; esac ;; android) - DEPS="$DEPS openjdk-8-jdk" if test "$1" = "deps"; then git clone git://git.strongswan.org/android-ndk-boringssl.git -b ndk-static \ src/frontends/android/app/src/main/jni/openssl fi TARGET=distdir ;; -osx) +macos) # this causes a false positive in ip-packet.c since Xcode 8.3 CFLAGS="$CFLAGS -Wno-address-of-packed-member" # use the same options as in the Homebrew Formula @@ -227,7 +224,7 @@ osx) --enable-scepclient --enable-socket-default --enable-sshkey --enable-stroke --enable-swanctl --enable-unity --enable-updown --enable-x509 --enable-xauth-generic" - DEPS="bison gettext openssl curl" + DEPS="automake autoconf libtool bison gettext openssl curl" BREW_PREFIX=$(brew --prefix) export PATH=$BREW_PREFIX/opt/bison/bin:$PATH export ACLOCAL_PATH=$BREW_PREFIX/opt/gettext/share/aclocal:$ACLOCAL_PATH @@ -271,7 +268,7 @@ fuzzing) if test -z "$1"; then if test -z "$FUZZING_CORPORA"; then git clone --depth 1 https://github.com/strongswan/fuzzing-corpora.git fuzzing-corpora - export FUZZING_CORPORA=$TRAVIS_BUILD_DIR/fuzzing-corpora + export FUZZING_CORPORA=$BUILD_DIR/fuzzing-corpora fi # these are about the same as those on OSS-Fuzz (except for the # symbolize options and strip_path_prefix) @@ -306,26 +303,22 @@ lgtm) DEPS="jq" if test -z "$1"; then - # fall back to the parent of the latest commit (on new branches we might - # not have a range, also on duplicate branches) - base="${TRAVIS_COMMIT}^" - if test -n "$TRAVIS_COMMIT_RANGE"; then - base="${TRAVIS_COMMIT_RANGE%...*}" - # after rebases, the first commit ID in the range might not be valid - git rev-parse -q --verify $base - if [ $? != 0 ]; then - # this will always compare against master, while the range - # otherwise only contains "new" commits - base=$(git merge-base origin/master ${TRAVIS_COMMIT}) - fi + base=$COMMIT_BASE + # after rebases or for new/duplicate branches, the passed base commit + # ID might not be valid + git rev-parse -q --verify $base^{commit} + if [ $? != 0 ]; then + # this will always compare against master, while via base we + # otherwise only contains "new" commits + base=$(git merge-base origin/master ${COMMIT_ID}) fi base=$(git rev-parse $base) project_id=1506185006272 - echo "Starting code review for $TRAVIS_COMMIT (base $base) on lgtm.com" + echo "Starting code review for $COMMIT_ID (base $base) on lgtm.com" git diff --binary $base > lgtm.patch || exit $? curl -s -X POST --data-binary @lgtm.patch \ - "https://lgtm.com/api/v1.0/codereviews/${project_id}?base=${base}&external-id=${TRAVIS_BUILD_NUMBER}" \ + "https://lgtm.com/api/v1.0/codereviews/${project_id}?base=${base}&external-id=${BUILD_NUMBER}" \ -H 'Content-Type: application/octet-stream' \ -H 'Accept: application/json' \ -H "Authorization: Bearer ${LGTM_TOKEN}" > lgtm.res || exit $? @@ -373,12 +366,12 @@ esac case "$1" in deps) - case "$TRAVIS_OS_NAME" in + case "$OS_NAME" in linux) sudo apt-get update -qq && \ sudo apt-get install -qq bison flex gperf gettext $DEPS ;; - osx) + macos) brew update && \ brew install $DEPS ;; @@ -423,12 +416,6 @@ esac echo "$ make $TARGET" case "$TEST" in sonarcloud) - # there is an issue with the platform detection that causes sonarqube to - # fail on bionic with "ERROR: ld.so: object '...libinterceptor-${PLATFORM}.so' - # from LD_PRELOAD cannot be preloaded (cannot open shared object file)" - # https://jira.sonarsource.com/browse/CPP-2027 - BW_PATH=$(dirname $(which build-wrapper-linux-x86-64)) - cp $BW_PATH/libinterceptor-x86_64.so $BW_PATH/libinterceptor-haswell.so # without target, coverage is currently not supported anyway because # sonarqube only supports gcov, not lcov build-wrapper-linux-x86-64 --out-dir bw-output make -j4 || exit $? @@ -448,9 +435,11 @@ apidoc) ;; sonarcloud) sonar-scanner \ + -Dsonar.host.url=https://sonarcloud.io \ -Dsonar.projectKey=${SONAR_PROJECT} \ -Dsonar.organization=${SONAR_ORGANIZATION} \ - -Dsonar.projectVersion=$(git describe)+${TRAVIS_BUILD_NUMBER} \ + -Dsonar.login=${SONAR_TOKEN} \ + -Dsonar.projectVersion=$(git describe)+${BUILD_NUMBER} \ -Dsonar.sources=. \ -Dsonar.cfamily.threads=2 \ -Dsonar.cfamily.cache.enabled=true \ @@ -462,7 +451,7 @@ android) rm -r strongswan-* cd src/frontends/android echo "$ ./gradlew build" - NDK_CCACHE=ccache ./gradlew build + NDK_CCACHE=ccache ./gradlew build || exit $? ;; *) ;; -- 2.39.2